To exploit the cross-site scripting issues, an attacker must entice an unsuspecting victim to follow a malicious URI. The attacker may use readily available tools to send a request to the application to carry out the URL forwarding attack or they may carry out this attack through a WebAccess user.